[wp-trac] [WordPress Trac] #50308: CSS Customizer control field - vulnerability against hacks prevention
WordPress Trac
noreply at wordpress.org
Wed Jun 3 07:37:06 UTC 2020
#50308: CSS Customizer control field - vulnerability against hacks prevention
-----------------------------------------------+---------------------------
Reporter: marcorinia | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.4.1
Severity: major | Keywords:
Focuses: javascript, css, coding-standards |
-----------------------------------------------+---------------------------
Enhancement WP Core idea:
In the standard WP Customizer CSS control field it is possible to add
custom CSS, JavaScript and also PHP code. This feature is great but also
dangerous, for example for database injection scripts used for hacking sites.
Is it possible to make this CSS control field more secure to prevent
the execution of hack scripts in some way? Maybe with some regular expressions
or with real-time validation code for the input before saving and updating
the input code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50308>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform